Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-20 07:25:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

add sensible error messages to CLI

Browse Source
This commit is contained in:
miampf 2025-01-09 11:50:55 +01:00
parent 60c3ec4b01
commit 53b84d8398
No known key found for this signature in database
GPG Key ID: EF039364B5B6886C
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
cli/internal/cmd/ssh.go
View File

@ -60,44 +60,44 @@ func runSSH(cmd *cobra.Command, _ []string) error {
// NOTE(miampf): Since other KMS aren't fully implemented yet, this commands assumes that the cKMS is used and derives the key accordingly.
var mastersecret secret
if err = fh.ReadJSON(fmt.Sprintf("%s.json", constants.ConstellationMasterSecretStoreName), &mastersecret); err != nil {
return err
return fmt.Errorf("Failed to read constellation master secret: %s", err)
}
mastersecret_uri := uri.MasterSecret{Key: mastersecret.Key, Salt: mastersecret.Salt}
kms, err := setup.KMS(cmd.Context(), uri.NoStoreURI, mastersecret_uri.EncodeToURI())
if err != nil {
return err
return fmt.Errorf("Failed to set up key management service: %s", err)
}
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix, 256)
if err != nil {
return err
return fmt.Errorf("Failed to retrieve key from key management service: %s", err)
}
_, priv, err := ed25519.GenerateKey(bytes.NewReader(key))
if err != nil {
return err
return fmt.Errorf("Failed to create signing key from master secret: %s", err)
}
ca, err := ssh.NewSignerFromSigner(priv)
if err != nil {
return err
return fmt.Errorf("Failed to create ssh CA key from master secret: %s", err)
}
debugLogger.Debug("CA KEY generated", "key", string(ssh.MarshalAuthorizedKey(ca.PublicKey())))
debugLogger.Debug("SSH CA KEY generated", "key", string(ssh.MarshalAuthorizedKey(ca.PublicKey())))
key_path, err := cmd.Flags().GetString("key")
if err != nil {
return err
return fmt.Errorf("Failed to retrieve path to public key from 'key' flag: %s", err)
}
key_buf, err := fh.Read(key_path)
if err != nil {
return err
return fmt.Errorf("Failed to read public key %q: %s", key_path, err)
}
pub, _, _, _, err := ssh.ParseAuthorizedKey(key_buf)
if err != nil {
return err
return fmt.Errorf("Failed to parse key %q as public key: %s", key_path, err)
}
certificate := ssh.Certificate{
@ -109,7 +109,7 @@ func runSSH(cmd *cobra.Command, _ []string) error {
Permissions: permissions,
}
if err := certificate.SignCert(rand.Reader, ca); err != nil {
return err
return fmt.Errorf("Failed to sign certificate: %s", err)
}
debugLogger.Debug("Signed certificate", "certificate", string(ssh.MarshalAuthorizedKey(&certificate)))